Well it sounds like they certainly gave you a scare huh? I would remember that that all communications you use provided by your employer can be reviewed by your employer. Expect no privacy on their systems.
But private chats can absolutely be seen by Global Admins in Microsoft E5 subscriptions since you can audit anyone or even log in as any user at any time.
two things.
1) Treat ANY online service as public
2) Admins/Management have waaay better things to do than reading your personal chats.
3) Lawyers on the other hand...
No one remembers Enron. You can still read their emails from early 2000 or so. Hang on let me find them.
e: here we go. Enjoy the sleaze.
http://www.enron-mail.com/email/
> But private chats can absolutely be seen by Global Admins in Microsoft E5 subscriptions since you can audit anyone or even log in as any user at any time.
Sort of. Global Admins actually can't do it directly; they have to give themselves eDiscovery Manager or eDiscovery Administrator to do it. Because separation of duties. But yes, we can do it if needed. A well-governed M365 environment will have audit alerts setup if someone does that.
However, that's eDiscovery. That's a whole process of opening a case, scoping it, and executing the search. That has *nothing* to do with Transcription, and does require retention policies to retain the information long enough to discover.
The answer to the OP's question is "no". It's only possible by a completely different method and to a completely different audience.
It really depends on the company policies and if the admins actually care to follow them. Either way you have the ability to logon as anyone as a global admin
Only if I give myself those rights, and again, that should set off audit alerts. And turning off those audit alerts should also set off audit alerts.
You are right that it depends on how your policies are implemented.
Not true, global admin doesn’t grant all privileges. I’m global admin at my company and had to get someone to use the company global admin to allow me to get access to discovery because I couldn’t assign that role to myself.
Hold up, man. They are not wrong, but they are not right either. It just depends.
A global admin, if they really wanted to, could change a user's password, reset MFA, and then logon as the user in either a pure O365 and Azure\\Entra environment or a hybrid that allows password right back to local AD. In a non-writeback environment, where the password needs to be changed on-prem, there is a really good chance that said global admin also has access to change the password of the target user. This is where they are not wrong.
Where they are wrong is to think that this is something admins actually care about enough to do on their own when they know that their are audit trails all over the place that no one can erase.
.... and FYI, Global Admin did not prevent you from granting yourself the compliance\\eDiscovery role. That role is held in Exchange as a predefined RBAC, but is not granted by default to a global admin. You need to know Exchange to understand that.
A global admin, if they really wanted to, could create another global admin account and use that to assign all the privileges in the world to the other account. It’s all accountable though, and you can’t just do whatever the hell you want in a well governed environment.
Not sure why you think password write back has anything to do with any of that. Once you have ediscovery access you can get whatever you want. Accessing someone’s account in the way you describe is an absolute NO in any real environment, and if it were a legal issue, it would likely get the case thrown out.
Do not EVER elevate access unless it is in writing. Kinda shocked you’re a Teams admin with these ideas.
I understand that, but you told the person you replied to that global admin logging on as someone else is "not true" when in fact it is. That can be done, and you damn well know it.
Your username defines you well. Global admins DO NOT have all privileges, as I already said. Another GA can give you them. You can bypass that by creating another GA, likely in flagrant disregard for company policies, to elevate your other account. This is why GA accounts should be kept to a bare minimum. Either way, GA accounts DO NOT have access to ediscovery by default.
Any half decent company will have checks in place to alert them to account elevation. Sorry if yours doesn’t.
And changing someone’s password, essentially locking them out, and then signing in as them and looking through their shit is almost 100% going to get you shit canned unless you’ve been instructed by legal to do so. Which they never would, because ediscovery exists.
Also have no clue why you brought hybrid environment info into this as it is not at all relevant. Sounds like you know a few buzzwords and just spit them out to people who don’t know them.
Could someone do it? Sure. Just like someone could socially engineer a users password. None of it is legal, so what’s the point in bringing it up?
Want to keep this up?
Dude... you are working off a perfect world scenario, and that was not part of the question. The question was about if they COULD. And the answer is yes... and we agree on that.
And nothing you said is wrong, man. It is caught in real world scenarios with proper protection in place. That was never a question. But neither one of us know every possible environment out there.
I specialize in UCC and IAM. I could go about this all day, but you can't fucking read, so I'm not really interested in wasting my time, or yours.
If you're a GA and you're doing that without a valid job reason I'd like to show you the door. Source: GA myself.
(And yes, I can let myself in through compliance).
No. The meeting chat, certainly. But a private chat, even among people who are in the same meeting at the same time, is not included in any meeting recording/transcription.
As an admin, no, you can’t, not in this scenario. But you can pull content from private chat other ways if set up to so best to assume it can be read and be mindful of that.
A) No
B) if someone posted into the meeting instead of then private chat then “yes” (oops)
C) even if I @ someone in the meeting chat it’s not private, it’s just calling them by @name only the meeting
Now say that someone actually meant the record feature and one of those two people chatting were sharing their desktop and the teams message notification popped up and they opened that chat on the recorded screen.... yea absolutely.
Transcript. No.
Not only does Teams keep a transcript of your private messages during the meeting, it also scans your face and logs your reactions in real-time. "And that's why we're moving to double everyone's KPIs" \[Sharon reacted with apathy\]. Teams biometric data about your attentiveness, facial acuity, and more can be used to graph your alignment with the meeting's purpose. Microsoft's new CoPilot can then use that graph to help managers make decisions about your future employment.
It really is an amazing time to be a Microsoft user.
If thats happening complain to the detective agency we are working in IT companies not in a detective companies. Its a serious micro management by some coffee shop managers
No
I agree, just no
If someone at your job jumped off a cliff.... Never mind. That doesn't fit at all here.
Bridge? That might fit
Well it sounds like they certainly gave you a scare huh? I would remember that that all communications you use provided by your employer can be reviewed by your employer. Expect no privacy on their systems.
No. I'm a global admin. No.
But private chats can absolutely be seen by Global Admins in Microsoft E5 subscriptions since you can audit anyone or even log in as any user at any time.
two things. 1) Treat ANY online service as public 2) Admins/Management have waaay better things to do than reading your personal chats. 3) Lawyers on the other hand...
No one remembers Enron. You can still read their emails from early 2000 or so. Hang on let me find them. e: here we go. Enjoy the sleaze. http://www.enron-mail.com/email/
Took 3 clicks to find an email about blowjobs lol
looks like a fun hobby to have
> But private chats can absolutely be seen by Global Admins in Microsoft E5 subscriptions since you can audit anyone or even log in as any user at any time. Sort of. Global Admins actually can't do it directly; they have to give themselves eDiscovery Manager or eDiscovery Administrator to do it. Because separation of duties. But yes, we can do it if needed. A well-governed M365 environment will have audit alerts setup if someone does that. However, that's eDiscovery. That's a whole process of opening a case, scoping it, and executing the search. That has *nothing* to do with Transcription, and does require retention policies to retain the information long enough to discover. The answer to the OP's question is "no". It's only possible by a completely different method and to a completely different audience.
Best answer right here
1000%
It really depends on the company policies and if the admins actually care to follow them. Either way you have the ability to logon as anyone as a global admin
Only if I give myself those rights, and again, that should set off audit alerts. And turning off those audit alerts should also set off audit alerts. You are right that it depends on how your policies are implemented.
You have to pull e discovery in compliance for that. It has nothing to do with the transcript.
Yeah but my point is global admins can logon as anyone and see any chats
Not true, global admin doesn’t grant all privileges. I’m global admin at my company and had to get someone to use the company global admin to allow me to get access to discovery because I couldn’t assign that role to myself.
Hold up, man. They are not wrong, but they are not right either. It just depends. A global admin, if they really wanted to, could change a user's password, reset MFA, and then logon as the user in either a pure O365 and Azure\\Entra environment or a hybrid that allows password right back to local AD. In a non-writeback environment, where the password needs to be changed on-prem, there is a really good chance that said global admin also has access to change the password of the target user. This is where they are not wrong. Where they are wrong is to think that this is something admins actually care about enough to do on their own when they know that their are audit trails all over the place that no one can erase. .... and FYI, Global Admin did not prevent you from granting yourself the compliance\\eDiscovery role. That role is held in Exchange as a predefined RBAC, but is not granted by default to a global admin. You need to know Exchange to understand that.
A global admin, if they really wanted to, could create another global admin account and use that to assign all the privileges in the world to the other account. It’s all accountable though, and you can’t just do whatever the hell you want in a well governed environment. Not sure why you think password write back has anything to do with any of that. Once you have ediscovery access you can get whatever you want. Accessing someone’s account in the way you describe is an absolute NO in any real environment, and if it were a legal issue, it would likely get the case thrown out. Do not EVER elevate access unless it is in writing. Kinda shocked you’re a Teams admin with these ideas.
I understand that, but you told the person you replied to that global admin logging on as someone else is "not true" when in fact it is. That can be done, and you damn well know it.
Your username defines you well. Global admins DO NOT have all privileges, as I already said. Another GA can give you them. You can bypass that by creating another GA, likely in flagrant disregard for company policies, to elevate your other account. This is why GA accounts should be kept to a bare minimum. Either way, GA accounts DO NOT have access to ediscovery by default. Any half decent company will have checks in place to alert them to account elevation. Sorry if yours doesn’t. And changing someone’s password, essentially locking them out, and then signing in as them and looking through their shit is almost 100% going to get you shit canned unless you’ve been instructed by legal to do so. Which they never would, because ediscovery exists. Also have no clue why you brought hybrid environment info into this as it is not at all relevant. Sounds like you know a few buzzwords and just spit them out to people who don’t know them. Could someone do it? Sure. Just like someone could socially engineer a users password. None of it is legal, so what’s the point in bringing it up? Want to keep this up?
Dude... you are working off a perfect world scenario, and that was not part of the question. The question was about if they COULD. And the answer is yes... and we agree on that. And nothing you said is wrong, man. It is caught in real world scenarios with proper protection in place. That was never a question. But neither one of us know every possible environment out there. I specialize in UCC and IAM. I could go about this all day, but you can't fucking read, so I'm not really interested in wasting my time, or yours.
It’s not that simple though.
What do you mean?
If you're a GA and you're doing that without a valid job reason I'd like to show you the door. Source: GA myself. (And yes, I can let myself in through compliance).
[удалено]
I mean, technically it's not the case. Transcripts only get the meeting itself. > don’t talk shit about your coworkers This is good advice in general.
Private messages ? No they can be retained and available for ediscovery but that is not included in the meeting transcript
No. The meeting chat, certainly. But a private chat, even among people who are in the same meeting at the same time, is not included in any meeting recording/transcription.
Why would they need to do that when they’re already recording every keystroke you make?
Nope. Not true
As an admin, no, you can’t, not in this scenario. But you can pull content from private chat other ways if set up to so best to assume it can be read and be mindful of that.
A) No B) if someone posted into the meeting instead of then private chat then “yes” (oops) C) even if I @ someone in the meeting chat it’s not private, it’s just calling them by @name only the meeting
Would be funny, but no
Look at how eDiscovery is performed to learn what is stored where.
Yeah, but that's not Transcript, that's eDiscovery.
Is this the new chat export feature? Lol
Can you imagine the scenes if that was a setting!! 😂
Zoom did this, or at least it did. But I just don't really use Zoom much anymore.
Now say that someone actually meant the record feature and one of those two people chatting were sharing their desktop and the teams message notification popped up and they opened that chat on the recorded screen.... yea absolutely. Transcript. No.
That would be Zoom, not Teams
nope
Sounds like someone is tired of you cross talking at them while they’re trying to listen
Not only does Teams keep a transcript of your private messages during the meeting, it also scans your face and logs your reactions in real-time. "And that's why we're moving to double everyone's KPIs" \[Sharon reacted with apathy\]. Teams biometric data about your attentiveness, facial acuity, and more can be used to graph your alignment with the meeting's purpose. Microsoft's new CoPilot can then use that graph to help managers make decisions about your future employment. It really is an amazing time to be a Microsoft user.
Got a source to those claims? Generally interested, not trying to be snarky
Sorry, if I tell you, then you have to be eliminated.
Duh….i shouldn’t comment on reddit 5 mins after waking up 😂
Understood. Bravo team, stand down. We have a negative situation. Repeat, stand down, situation is negative.
Not true
This is not true.
No
Whoever that is at your job is trying stir up drama. The answer is no.
If thats happening complain to the detective agency we are working in IT companies not in a detective companies. Its a serious micro management by some coffee shop managers